TLS 1.0 Deprecation - How to Prepare for June 1st

April 12th, 2018 | security & compliance

Here’s what OneLogin customers need to know to prepare for the TLS 1.0 deprecation taking place on June 1, 2018.

What is happening?

Over the past two years, several vulnerabilities surfaced specifically targeting the secure connection established between a user’s browser and various web sites and applications that are indispensable to our professional and personal lives.

As new vulnerabilities surface, technologies once considered “highly secure” become less so. Consequently, providers must update their systems to address this change.

PCI is requiring that SSL/early TLS be disabled and companies implement a more secure encryption protocol as of June 30, 2018. TLS 1.1 or higher (TLS 1.2 is highly recommended) will be required in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data. OneLogin will be disabling TLS 1.0 on June 1, 2018.

What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems and to protect the confidentiality and integrity of information that passes between them.

Will I be affected by this?

This new compliance standard will affect OneLogin customers, as well as other vendors worldwide.

This change will affect all vendors that do business online. If you are a SaaS vendor that stores credit card payment information, for example, there are steps that you must take to comply with these new standards.

How should OneLogin customers prepare?

OneLogin will deprecate TLS 1.0 across all its endpoints. If you are a OneLogin customer, you will have already received an email with detailed information on how to comply, and will continue to receive these emails through June 1st. In the meantime, please review this article for further information, and review this checklist for step-by-step instructions on how to prepare.

About the Author

Justin Calmus is the Chief Security Officer at OneLogin. Before joining OneLogin, Justin served as CIO and CSO at Zenefits, was director of enterprise security at Salesforce, manager of security engineering at LinkedIn, and VP of Hacker Success at HackerOne, the leading bug bounty platform. Today, Justin architects and leads OneLogin’s risk management, security and compliance efforts.
